Digital system for the detection of variations in operating conditions of an integrated circuit

ABSTRACT

A system for detecting tamper events in a digital circuit by having a Critical Path Replica (CPR) circuit operable in parallel with the circuit being monitored, and adjusted to generate a timing violation if the operating parameters of the circuit change to be outside the normal operating parameters. The critical path replica circuit is adjusted to generate a timing violation before the actual circuit being monitored fails due to the changed operating parameters.

CLAIM OF PRIORITY

This application claims priority under 35 U.S.C. 119(e)(1) to Provisional Application No. 61/611,052 filed 15 Mar. 2012.

TECHNICAL FIELD OF THE INVENTION

The technical field of this invention is detection of variations in operating conditions of an integrated circuit.

BACKGROUND OF THE INVENTION

System-on-Chips (SoCs) that go into payment terminals, e-passport, smart phones, smartcards, energy metering and other such secure embedded systems need to have a means of detecting and self-protecting against a tamper event. A tamper event is defined as any change in the environment under which the SoC is operating that may lead to an operational failure and in turn, possible leakage of sensitive/secure information. A change in the device operating voltage, frequency or temperature beyond the specified range is considered a tamper event.

SUMMARY OF THE INVENTION

This invention describes a simple in-circuit means of detecting a tamper event caused by a change in voltage, temperature or frequency of operation. It is based on a critical path tracker or replica (CPR) circuit that duplicates one or more critical paths in the SOC and which can detect voltage, temperature and frequency tamper.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other aspects of this invention are illustrated in the drawings, in which:

FIG. 1 illustrates the setup CPR circuit;

FIG. 2 illustrates the hold CPR circuit.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Any change in voltage or temperature affects the delay of the gates used in a design. On a critical path, if the change goes beyond specifications then the change in delay will cause the circuit to fail. On a critical path, an increase in frequency similarly causes failure of the circuit. The described invention detects the critical path failures caused by deviations of voltage, temperature, or frequency beyond specifications which will cause timing violations. Two types of timing violations are detected, namely setup and hold type.

The critical path replica circuit will “mimic” the critical path and hence, would also fail in the above scenario. This failure in the critical path replica is detected as a tamper event used to trigger any tamper response mechanisms such as chip reset. A critical aspect of critical path replica circuit design is to ensure that it fails ahead of the actual critical path in the design. Our invention also includes a judicious margin based methodology that enables the critical path replica circuit to fail ahead of the actual design. Thus, by detecting the tamper event earlier than actual design failure, the critical path replica can be used to protect the SOC.

The critical path replica consists of a waveform generator and a capture register which captures this waveform. The waveform is faithfully captured as it passes through the CPR delays as long as the critical path replica is within the operating voltage, temperature and frequency ranges of the design. Once there is a tamper and any of the above parameters are out of spec, the waveform is no longer captured correctly. This incorrect capture of the waveform is detected and is used to preset the register. The register signals the tamper event and can be used to protect the design.

FIG. 1 illustrates one implementation of the setup fault CPOR circuit. This will detect tamper events caused by the voltage going below normal operating range, operating frequency goes above normal operating range, and when the temperature goes above the normal operating range.

Operation is initiated by launch clock replica 101 and waveform generator 102. the generated waveform passes through the critical path replica block 103, tuning multiplexer 104, and is captured by register 105 upon the replica capture clock originating in block 106. The delay of block 104 is controlled by tuning multiplexer select signal 109, as shown in Table 1.

TABLE 1 LAUNCH_CLOCK IN Functional Clock of the critical path launch flop CAPTURE_CLOCK IN Functional Clock of the critical path capture flop RESETN IN Functional Reset of the critical path TUNING_MUX_SEL[4:0] IN Tuning Mux Control 0000—Zero Delay 0001—Delay 1 0010—Delay 2 1111—Delay 3 TAMPER_EVENT OUT Tamper Event TESTMODE IN Test Mode

The value captured in register 105 is compared with the output of register 102 in XNOR 107. Counter 108 is a programmable counter that may be preset to a count value through line 111, and is incremented by the output of 107 whenever a mismatch is detected in 107. Counter 108 is periodically reset by control line 110. A counter 108 overflow is indicated as a tamper event.

FIG. 2 shows an implementation of the hold CPR circuit. This circuit will indicate a tamper fault if the voltage is above the normal operating range, or if the temperature is below the normal operating range. The operation of the circuit in FIG. 2 is similar to that of in FIG. 1, with the exception that the replica capture clock is being delayed by the tuning multiplexer instead of the data from the data path replica as in FIG. 1.

Since the CPR relies on the correlation between the real critical path and the replica, the CPR needs to be placed physically close to the actual critical path in the design. This will also ensure that the IR drop seen by the actual critical path cells is also seen by the CPR.

If there are multiple critical paths in the design, there can be multiple instantiations of the CPR.

It is also recommended to have 1 (setup+hold) CPR per clock domain.

The tamper events from each of these individual CPR implementations would be ORRed and used as an overall indication of a tamper event.

The CPR implementation must detect the tamper condition and signal the tamper event before any of the actual digital logic in the SOC sees the effect of the tamper. Therefore it is important to make sure that the CPR fails setup/hold earlier than the actual critical path in the design.

The tuning multiplexer in the critical path has the capability of introducing additional delay components in the critical path. The granularity of the delay element can be chosen according to an application—as an example, it may be in increments of 10 ps. By default, the delay will be zero.

For the CPR to detect the tamper event faithfully, it needs to have good correlation with the design critical path. There are some effects, which are hard to model in static timing analysis and could lead to weak correlation on Silicon. The CPR needs to have a guard band margin for such effects. Some of the key factors to consider are:

-   -   Design of the replica critical path co-relation to what is seen         on Silicon as critical path     -   Variation due to differential aging effects     -   Variation due to dynamic IR drop differences     -   Variation due to crosstalk effects

In addition, the margin also needs to comprehend the inaccuracy of the CPR detection circuit. In the setup+hold window of the capture register, the capture can be unpredictable due to metastability effects.

In summary, a delay margin comprehending all of the above factors must be introduced in the CPR to make sure that the CPR fails ahead of the design critical path under tamper condition.

This margin is introduced through configurable delay elements in the tuning multiplexer. 

What is claimed is:
 1. A tamper detection system comprising of: a digital circuit to be monitored for tamper events; a Critical Path Replica (CPR) circuit operable in parallel with a critical path within the circuit being monitored; a means of introducing a variable time delay in the data path of the CPR circuit; a means of introducing a variable time delay into the clock path of the CPR circuit; a means of capturing the output of the CPR circuit; a means of comparing the output of the digital circuit being monitored with the output of the CPR circuit; a means of generating a tamper event signal if the comparison fails due to a timing violation when capturing the output of the CPR circuit.
 2. The tamper detection system of claim 1 wherein: the variable time delay introduced into the data path of the CPR circuit is such that the a setup timing violation will occur when the CPR circuit's output is captured if some of the CPR circuits operating parameters have changed.
 3. The tamper detection system of claim 2 wherein: a setup timing violation will occur if the operating voltage is lower than the normal operating range.
 4. The tamper detection system of claim 2 wherein: a setup timing violation will occur if the operating frequency is higher than the normal operating range.
 5. The tamper detection system of claim 2 wherein: a setup timing violation will occur if the operating temperature is higher than the normal operating range.
 6. The tamper detection system of claim 1 wherein: the variable time delay introduced into the clock path of the CPR circuit is such that the a hold timing violation will occur when the CPR circuit's output is captured if some of the CPR circuits operating parameters have changed.
 7. The tamper detection system of claim 6 wherein: a hold timing violation will occur if the operating voltage is higher than the normal operating range.
 8. The tamper detection system of claim 6 wherein: a hold timing violation will occur if the operating temperature is lower than the normal operating range. 